ESC3 Enrolment Agent Templates
Another variation on ESC1. Certificate request Agent EKU can be used to request certificate on behalf of another domain object.
Configuration
To be vulnerable to ESC3, the template must have the following config:
- Enabled: True
- Enrolee Supplies Subject: True
- Requires Management Approval: False
- Authorized Signatures Required: 0
- Certificate Request Agent EKU